Skeptoid #947: How Your Driving Is Being Tracked
Is your phone really tracking your driving habits and selling the data? Maybe more so than you know. Learn about your ad choices: dovetail.prx.org/ad-choices
Is your phone really tracking your driving habits and selling the data? Maybe more so than you know. Learn about your ad choices: dovetail.prx.org/ad-choices
| Time | Text |
|---|---|
|
How Phones Spy on Driving
00:07:08
|
|
| We always hear people talk about how our phones are tracking us. | |
| Maybe they're listening in on our conversations, or maybe they're sending our location to Bill Gates. | |
| And usually there's very little truth to these. | |
| But there's at least one thing your phone actually is doing that almost nobody knows about. | |
| It's spying on how you drive. | |
| That's coming up right now on Skeptoid. | |
| Hi, I'm Alex Goldman. | |
| You may know me as the host of Reply All, but I'm done with that. | |
| I'm doing something else now. | |
| I've started a new podcast called Hyperfixed. | |
| On every episode of HyperFixed, listeners write in with their problems and I try to solve them. | |
| Some massive and life-altering, and some so minuscule it'll boggle your mind. | |
| No matter the problem, no matter the size, I'm here for you. | |
| That's HyperFixed, the new podcast from Radiotopia. | |
| Find it wherever you listen to podcasts or at hyperfixedpod.com. | |
| You're listening to Skeptoid. | |
| I'm Brian Dunning from Skeptoid.com. | |
| How your driving is being tracked. | |
| Welcome to the show that separates fact from fiction, science from pseudoscience, real history from fake history, and helps us all make better life decisions by knowing what's real and what's not. | |
| There's always a certain amount of paranoia about what our phones might be tracking about us and who they might be sending that information to. | |
| Some we know for a fact and some we only suspect and some has been disproven. | |
| But in that middle ground where most of us have no real idea is where we find both misinformation and justification for some of that paranoia. | |
| One of these questions concerns our driving habits. | |
| Who might be tracking our phones to learn about how and where and when we drive? | |
| And what might that be collected for? | |
| Today, we're going to scratch at least some of that surface. | |
| Complicating this particular question is the fact that a lot of our cars link pretty tightly with our phones via either Apple CarPlay or Android Auto. | |
| And even for those of us who don't connect our phones, more and more of our cars are running natively on those operating systems. | |
| The native dashboards of a huge number of new cars now run on Android Automotive. | |
| Apple continues developing their version of CarPlay for vehicles to run natively, but as of this writing, there are none on the market. | |
| Austin Martin and Porsche are expected to be among the first. | |
| But even those of us who don't connect our phones to our cars at all and don't have apps running on native automobile operating systems, we still generally have a phone in our pocket as we drive. | |
| That phone has GPS and accelerometers. | |
| It can tell when we're riding in a car, and it can tell if we brake suddenly or accelerate hard and whether we're speeding when we drive. | |
| It knows where we go and when we go there. | |
| It's a fact for almost all of us that all of this information and more exists and can be collected and sent to some recipient somewhere without our knowledge. | |
| The question today is whether it is, who's it going to? | |
| How's it being used? | |
| And is there anything we can do about it? | |
| This is one of those rapidly evolving fields, so depending on when you're listening to this episode, some of it may be out of date. | |
| But as of now, about the middle of 2024, the fundamental answer to all of these questions is auto insurance companies. | |
| Insurers wants to know who is a good risk, who is a bad risk, and how much people should be charged. | |
| A number of national news articles published in the first half of 2024 have included the stories of people who found their insurance rates as much as quadrupled, even though they hadn't had any accidents. | |
| And after some digging, they found that seemingly innocent apps on their phone had been collecting data on their driving habits, called telematics, and transmitting it to companies that resell individual driving scores to insurers. | |
| Yes, the fact is that an entire industry exists to harvest driving data from apps on your phone and in your car in order to calculate the right cost for your car insurance. | |
| Before we get to the obvious question, which is, how do I prevent these apps from doing this? | |
| Let's look a little closer at how this whole ecosystem works. | |
| Some app on your phone offers you some service that you have to agree to. | |
| You may have done this years ago and don't remember doing it. | |
| But now that that app has permissions, it collects all sorts of data on your movements. | |
| Generally, this does not include your location or where you drive to, but rather telematics like your speed and hard movements like braking, accelerating, turning hard, or crashing. | |
| It also includes how often you use your phone while driving, not just calling or texting, but even just picking it up. | |
| And it includes whether you're speeding, as measured by the speed limit at your location. | |
| The app then sells that data to a company that does analytics and risk assessment. | |
| And crucially, the data they sell does include your identity. | |
| So these telematics are tied to you personally. | |
| The three best known of these companies are LexisNexis, Verisk, and Arity. | |
| Erity is owned by AllState Insurance Company. | |
| The analytics company then assesses each driver's behavior and boils all of that data down into a single safety score from 1 to 10, 1 being a safe driver, 10 being a risky driver. | |
| This is from Arity's website. | |
| We look at drivers' performance behind the wheel, including how often they break suddenly, speed, or use their phones. | |
| We score these behaviors using our highly predictive DriveSight risk score, and we group individuals into 10 different risk categories. | |
| Risk category 1 drivers represent the lowest risk drivers, while risk category 10 drivers represent the highest risk drivers. | |
| What they end up with is an enormous database of personal identities with safety scores. | |
| It does not include locations or any specific drive information, just who you are and how risky of a driver you're assessed to be. | |
| Then the car insurance companies, all of them, buy this data from LexisNexis, Verisk, Erity, etc., for all their customers for whom it's available. | |
| The suspect apps that might be first on your list to worry about are the obvious ones we use while driving, navigation apps in particular, plus entertainment like music, podcasts, or audiobooks. | |
| Fortunately, as long as you stick with apps from the major tech companies, you're more likely to have your data protected. | |
|
The Truth About Tesla Data
00:09:57
|
|
| Anything from Google or Apple, including Google Maps, Waze, and Apple Maps, explicitly protects your privacy and does not do any such data collection and sharing. | |
| The navigation apps, however, do share other data, basically traffic and speed information that allows fast routes to be calculated. | |
| But this is aggregated and does not include personal information, and it's necessary for these services to do what they do. | |
| In a world that can feel overwhelming, spreading thoughtful, evidence-based content is one of the best ways to make a positive impact. | |
| Ask your local public radio station to air the Skeptoid files, a 30-minute radio-friendly version of Skeptoid that pairs two related episodes promoting real science, true history, and critical thinking. | |
| And in these challenging times for public media, we're offering these broadcasts for free to radio stations, available on the PRX Exchange or directly from Skeptoid Media. | |
| It's an easy ask. | |
| Just send a quick message to your station's programming director. | |
| By helping to bring the Skeptoid files to the airwaves, you'll help promote the essential skills we all need to tell fact from fiction. | |
| Just go to your local station's website, find the programming director's email address, or just their general email address. | |
| You can even use the telephone. | |
| I know that might sound crazy. | |
| It's an old legacy device that allows real-time voice communication. | |
| I know that's weird, but hey, it's an option. | |
| The world can feel chaotic, but you're not powerless. | |
| When you promote critical thinking, you can help your community tell fact from fiction. | |
| And that's how we shape a better future. | |
| In uncertain times, spreading good ideas can make you feel helpful, not helpless. | |
| Let's stand up for reason, truth, and understanding together. | |
| Get them to air the Skeptoid files from Skeptoid Media, available on the PRX Exchange, and they'll know what that is. | |
| Apps that should be at the top of your concern list are the apps you get from your car's manufacturer. | |
| Honda Link, Ford Pass, OnStar, My Chevrolet, Toyota, MyVW, a thousand others, one or two or three different apps available from every car manufacturer. | |
| In many cases, to use any of these apps features at all, you're required to agree to data sharing. | |
| Just about every one of these apps collects your telematics and sells them to the data analytics companies. | |
| Additionally, any app from an automobile insurance company is probably doing the same thing. | |
| Many of them openly so, pitching themselves with something like, use this app to show us what a good driver you are and save on your insurance. | |
| When in fact, the intent is to find out how terrible a driver you are to charge you more for your insurance. | |
| A benefit of getting apps from the Apple App Store is that every app's page in the store includes complete disclosures, audited by Apple, of what data is being collected and shared and whether it's personally identified as you or not. | |
| I went through a number of insurance company apps in the Apple App Store. | |
| State Farm, Allstate, Geico, Farmers, plus a few others, and every one that I looked at was collecting most or all of the possible data types, including contact and financial info, location, user content, diagnostics, and usage data. | |
| Everything necessary to assemble those telematics. | |
| None of these are necessary for the app to do what it appears to do for you, the user, which is to access and make changes to your insurance policy. | |
| This tells you there's some reason other than your own convenience for the companies to give you these apps. | |
| You can also find the apps published by the car manufacturers on the App Store, and you can see the disclosures about those apps data sharing as well. | |
| If you don't wish to have your telematics collected and shared, then whenever you install any of these apps, you need to decline to give permission for data sharing. | |
| Some of the apps won't let you proceed if you don't agree to this. | |
| In that case, you'll just have to do without the app and use the company's website when you need something from them. | |
| But insurance and carmaker apps are only the obvious ones. | |
| What's more insidious and thus arguably a higher risk are the countless independent apps. | |
| Theoretically, any app at all could include the telematics collection and sharing modules that are available to app developers. | |
| Even an innocuous game. | |
| When the New York Times published a series of articles in early 2024 about this, there were three apps that they highlighted specifically, which were found to all sell their users' telematics to Aerity. | |
| GasBuddy. | |
| A really popular app that helps you find the cheapest gas prices nearby. | |
| 90 million users, according to their app store listing, use GasBuddy. | |
| It has 446,000 five-star reviews. | |
| Life360 With 1.5 million five-star reviews on the App Store, Life360 is a friends and family location sharing app that lets you see not only where your friends and family are, but also certain connected devices. | |
| It's evidently a near clone of Apple's own FindMy app, but with tracking and selling of your data. | |
| MyRadar With 998,000 five-star reviews, this is one of the most popular weather apps. | |
| Its features such as predicting when rain is going to hit you while you're on a road trip, encourage people to have it open while they drive. | |
| If only they knew. | |
| All of these articles caused enough of a splash that General Motors, which came out of the New York Times series with perhaps the worst black eye, reacted by pledging in March 2024 to stop selling customer data to LexisNexis and Verisk. | |
| So far, at least as far as I could find, no other manufacturers have followed suit. | |
| The Mozilla Foundation, which tracks online privacy, reported the following eye-popping headline in late 2023. | |
| It's official, cars are the worst product category we have ever reviewed for privacy. | |
| There are two interesting standouts in this crowd. | |
| The electric vehicle manufacturers, Tesla and Rivian, both claim in their privacy disclosures that they do not sell any customer data to third parties, as GM is now pledging. | |
| And coincidentally, they are also the two holdouts who refuse to allow Apple CarPlay and Android Auto connectivity. | |
| And here's the kicker. | |
| GM also announced they are terminating support for those as well. | |
| I've spoken to lots of people. | |
| I've done lots of online research. | |
| And I have not been able to find a strategic motivation for these three manufacturers to take both of these steps. | |
| We can confidently conclude that it's not purely to protect their customers' privacy, since those customers all still have cell phones in their pockets and are still having their telematics collected and sold. | |
| It could be as simple as to protect the manufacturer's ability to charge for internet connectivity, since when a driver uses CarPlay or Android Auto, their phone provides all the needed connectivity. | |
| But somehow, Tesla drivers, at least, are still having their telematics harvested. | |
| Buried deep in the LexisNexis website are court cases in which they've provided evidence. | |
| Quite a few of these cases are when someone sued Tesla. | |
| One example is Dugan vs. Tesla from March 2024. | |
| Apparently, Dugan crashed his Tesla and tried to claim the car went crazy on him. | |
| LexisNexis stepped in and provided data showing that Dugan drives like a maniac. | |
| Obviously, those are paraphrases. | |
| And the court ultimately found shared liability between both parties. | |
| The takeaway here is that even though Tesla assures its customers that they don't sell drivers' telematics to LexisNexis or anyone else, and they block the use of CarPlay and Android Auto, LexisNexis is still getting all the data anyone needs from Tesla drivers. | |
| Obviously, apps that Dugan may have had on his phone are one potential source for how LexisNexis got his telematics. | |
| If there's another way, I look forward to learning what it was and issuing a future update to this episode. | |
| Rivian, despite their privacy promises, recently appeared at an industry conference in Las Vegas on a panel with LexisNexis titled, Using Emerging Driving Data Analytics to Price Policyholders for Maximum Profitability. | |
| So it seems reasonable to suspect that we're not being given the complete picture from these manufacturers. | |
| So in summary, not all conspiracy theories about what your phone is doing are false. | |
| And in this rapidly evolving field, what's true today may not be true six months from now or was true six months ago. | |
| But for today, the official Skeptoid advice is to either be happy with having your personally identified telematics collected and sold, or to start reading license agreements a lot more carefully and start declining to give privacy-related permissions a lot more often. | |
|
Why Skepticism Matters Now
00:02:14
|
|
| There isn't always somebody out to get you, and that's what makes the conspiratorial mindset generally an unhealthy one. | |
| But sometimes there are people after your personal data, and that's what makes the skeptical mindset essential. | |
| We continue with a bit about one other buyer of customer data from LexisNexis, the Immigration and Customs Enforcement Agency, in the ad-free and extended premium feed. | |
| To access it, become a supporter at skeptoid.com slash go premium. | |
| A great big Skeptoid shout out to our premium supporters, including Mark Allen Kagan, Steve Williams from Murray River Country, Australia, Sean Marshall from Ontario, Canada, and Stan, Know Not That One, Gordon. | |
| Thanks so much because your premium membership is what keeps us afloat. | |
| If you love the show, then make this a two-way street. | |
| For just $5 a month or more, tax-deductible for U.S. taxpayers, you can help ensure that this material is out there for those who need it for years to come. | |
| Just come to skeptoid.com and click GoPremium. | |
| And just as important, are you getting the Skeptoid Podcast Companion email? | |
| It comes out each week along with each new episode, featuring the wonder of the week, show notes, and much more. | |
| If you don't, you're only getting half the show. | |
| So come to skeptoid.com and click on podcast companion email. | |
| Skeptoid is a production of Skeptoid Media. | |
| Director of Operations and Tinfoil Hat Counter is Kathy Reitmeyer. | |
| Marketing guru and Illuminati liaison is Jake Young. | |
| Production Management and All Things Audio by Will McCandless. | |
| Music is by Lee Sanders. | |
| Researched and written by me, Brian Dunning. | |
| You're listening to Skeptoid, a listener-supported program. | |
| I'm Brian Dunning from Skeptoid.com. | |
|
Join the Premium Community
00:01:06
|
|
| Hello, everyone. | |
| This is Adrian Hill from Skookum Studios in Calgary, Canada, the land of maple syrup and moose. | |
| And I'm here to ask you to consider becoming a premium member of Skeptoid for as little as $5 per month. | |
| And that's only the cost of a couple of Tim Horton's double doubles. | |
| And that's Canadian for coffee with double cream and sugar. | |
| Why support Skeptoid? | |
| If you are like me and don't like ads, but like extended versions of each episode, Premium is for you. | |
| If you want to support a worthwhile nonprofit that combats pseudoscience, promotes critical thinking, and provides free access to teachers to use the podcast in the classroom via the Teacher's Toolkit, then sign up today. | |
| Remember that skepticism is the best medicine. | |
| Next to giggling, of course. | |
| Until next time, this is Adrienne Hill. | |
| From PRX | |